Google

Google AMP Flaw Exploited By Russian Hackers Targeting Journalists (salon.com) 31

An anonymous reader writes: Russian hacktivist group Fancy Bear (also referred to as APT28, Sofacy, and Strontium) has been using a flaw in Google's caching of Accelerated Mobile Pages (AMP) to phish targets, Salon reports. To make matters worse, Google has been aware of the bug for almost a year but has refused to fix it... The vulnerability involves how Google delivers google.com URLs for AMP pages to its search users in an effort to speed up mobile browsing. This makes Google products more vulnerable to phishing attacks.
Conservative blogger Matthew Sheffield writes in the article that most of the known targets "appear to have been journalists who were investigating allegations of corruption or other wrongdoing by people affiliated with the Russian government." One such target was Aric Toler, a researcher and writer for the website Bellingcat who specializes in analyzing Russian media and the country's relationship with far-right groups within Europe and America... another journalist who writes frequently about Russia, David Satter, was taken in by a similar AMP phishing message... Shortly after Satter was tricked into visiting the fake website and entering his password, a program that was hosting the site logged into his Gmail account and downloaded its entire contents. Within three weeks, as the Canadian website Citizen Lab reported, the perpetrators of the hack began posting Satter's documents online, and even altering them to make opponents and critics of Russian President Vladimir Putin look bad.
Google told Salon they've "made a number of changes" to AMP -- without saying what they were. (After contacting Google for a comment, AMP's creator and tech lead blocked public comments on a Github bug report about Google's AMP implementation.) "More things ... will come on Google's side in the future and we are working with browser vendors to eventually get the origin right," AMP's tech lead wrote last February.

Jason Kint, CEO of a major web publishing trade association, told Salon that "This report of an ongoing security issue is troubling and exactly why consolidation of power and closed standards are problematic. The sooner AMP migrates to the open web and becomes less tied to the interests of Google, in every way the better."
United States

Governments Turn Tables By Suing Public Records Requesters (apnews.com) 109

schwit1 quotes the AP: Government bodies are increasingly turning the tables on citizens who seek public records that might be embarrassing or legally sensitive. Instead of granting or denying their requests, a growing number of school districts, municipalities and state agencies have filed lawsuits against people making the requests -- taxpayers, government watchdogs and journalists who must then pursue the records in court at their own expense.

The lawsuits generally ask judges to rule that the records being sought do not have to be divulged. They name the requesters as defendants but do not seek damage awards. Still, the recent trend has alarmed freedom-of-information advocates, who say it's becoming a new way for governments to hide information, delay disclosure and intimidate critics. "This practice essentially says to a records requester, 'File a request at your peril,'" said University of Kansas journalism professor Jonathan Peters, who wrote about the issue for the Columbia Journalism Review in 2015, before several more cases were filed. "These lawsuits are an absurd practice and noxious to open government."

Businesses

Would a T-Mobile-Sprint Merger Hurt Consumers? (dslreports.com) 88

Following a report from Reuters claiming T-Mobile is close to agreeing on a deal to merge with Sprint, an anonymous Slashdot reader shares a report from DSLReports arguing how such a merger would remain "a very bad deal for consumers": The Sprint-T-Mobile merger could prove problematic for not only wireless prices, but the recent resurgence in unlimited data plans. While wireless carriers still often engage in theatrical non-price competition more often than not, the government's decision to block AT&T's acquisition of T-Mobile several years ago helped spur an unprecedented period of competition in wireless (something large ISPs and their policy armies like to ignore). The end result was a brasher and more competitive T-Mobile, who led the way on a wave of improvements in the sector culminating most recently in the return of simpler, easier unlimited data plans. The government's decision to block Sprint from acquiring T-Mobile helped keep that competition intact, something large ISPs and their policy folk would similarly like you to forget. As a result, T-Mobile has added more customers per quarter than any other wireless carrier for several years running, as the resulting competition put an end to numerous, nasty industry tactics including overcharging for international roaming, to obnoxious fees and long-term contracts. And while the new, combined company will likely still be run by current popular T-Mobile CEO John Legere, the very act of eliminating one of only four major players in the wireless market will indisputably reduce the incentive to more seriously compete on price, and could help reverse the progress the sector has seen in recent years. It's well within reason that this reduced competition could also bring back metered plans and put an end to unlimited data.
Security

Major Cyber-Attack Will Happen Soon, Warns UK's Security Boss (theguardian.com) 66

Alex Hern, writing for The Guardian: A "category one" cyber-attack, the most serious tier possible, will happen "sometime in the next few years", a director of the National Cybersecurity Centre has warned. According to the agency, which reports to GCHQ and has responsibility for ensuring the UK's information security, a category one cybersecurity incident requires a national government response. Speaking at an event about the next decade of information security, Levy warned that "sometime in the next few years we're going to have our first category one cyber-incident." The only way to prevent such a breach, he said, was to change the way businesses and governments think about cybersecurity. Rather than obsessing about buying the right security products, Levy argued, organisations should instead focus on managing risk: understanding the data they hold, the value it has, and how much damage it could do if it was lost, for instance.
Businesses

London Has Decided To Ban Uber (recode.net) 220

Johana Bhuiyan, writing for Recode: Transport for London, the taxi regulating service in London, announced today that it would not be renewing Uber's license to operate because of concerns over the company's "lack of corporate responsibility" in relation to public safety issues. The ride-hail company, which launched in London in 2012, is appealing the TfL's decision and will be allowed to continue to operate until a court makes a decision on that appeal. That process could take months. London is a significant market for Uber: The company says there are 40,000 drivers and 3.5 million riders on its platform in London. And like New York City, it is one of the most regulated markets where Uber operates. Unlike most markets across the U.S., Uber drivers in London and New York City are required to participate in government administered background checks.
Iphone

'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) 437

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

Social Networks

Facebook Will Share Copies of Political Ads Purchased by Russian Sources With the US Congress (recode.net) 225

An anonymous reader shares a report: Facebook will turn over copies of political ads purchased by Russian sources to congressional lawmakers, who are investigating the country's potential interference in the 2016 U.S. presidential election. Initially, Facebook had only released those ads -- 3,000 of them, valued at about $100,000 -- to Robert Mueller, the former FBI director who is spearheading the government's probe into Russia's actions. Facebook had withheld those details from House and Senate leaders, citing privacy concerns. But the move drew sharp rebukes from the likes of Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, who has charged in recent days that Facebook may not have done enough to scan its systems for potential Russian influence and to ensure that such foreign purchases -- otherwise illegal under U.S. law -- don't happen again. "After an extensive legal and policy review, today we are announcing that we will also share these ads with congressional investigators," wrote Colin Stretch, the company's general counsel. "We believe it is vitally important that government authorities have the information they need to deliver to the public a full assessment of what happened in the 2016 election."
Advertising

Democrats Ask FEC To Create New Rules To Keep Foreign Influence Off Social Media Ads (thehill.com) 194

Cristina Marcos reports via The Hill: Democratic lawmakers on Wednesday asked the Federal Election Commission (FEC) to establish new guidelines for online advertising platforms that would prevent foreign spending to influence U.S. elections. The move comes after Facebook provided information to Congress and special counsel Robert Mueller, who is leading the FBI's investigation into Russia's election interference, about Russian ad purchases during the 2016 campaign.

"The recent revelations that foreign nationals with suspected ties to the Russian government sought to influence the 2016 election through social media advertisements are deeply concerning and demand a response," 20 House and Senate Democrats wrote in the letter. "We are fast approaching the 2018 election cycle. As such, it is imperative the Federal Election Commission begin this effort in earnest," they wrote. CNN, which first reported on the Democrats' letter, cited Facebook sources saying they expect Congress may try to require disclaimers on online political ads in the future, similar to political television ads. The Democratic lawmakers suggested that any FEC guidance address how foreign actors can use corporate or nonprofit designations to avoid disclosing political spending; what advertisement platforms can do to prevent foreign campaign activity; and possible changes to disclosure standards for political advertisements.

Transportation

Is the World Ready For Flying Cars? (engadget.com) 251

An anonymous reader shares a report from TechCrunch, adding: "Is the world ready for flying cars? Sebastian Thrun, the supposed godfather of autonomous driving, and several other tech investors seem to think so." From the report: At TechCrunch Disrupt SF 2017, Thrun talked a lot about flying cars and how that was the future of transportation. So did GGV's Jenny Lee, a prolific investor in China. And so did Steve Jurvetson, one of the original investors in SpaceX. The technical backbone for flying cars seems to be there already -- with drones becoming ever-present and advancements in AI and self-driving cars -- but the time is coming soon that flying cars will be the primary mode of transportation. "I can't envision a future of highways [and being] stuck in cars," Thrun said. "I envision a [future] where you hop in a thing, go in the air, and fly in a straight line. I envision a future where Amazon delivers my food in the air in five minutes. The air is so free of stuff and is so unused compared to the ground, it has to happen in my opinion."

Cars today are forced to move on a two-dimensional plane (ramps, clover intersections and tunnels set aside), and while self-driving cars would make it easier for cars to talk to each other and move more efficiently, adding a third dimension to travel would make a lot of sense coming next. Thrun pointed to airplane transit, which is already a "fundamentally great mass transit system." Jurvetson said he was actually about to ride in a flying car before he "watched it flip over" before arriving to talk about some of the next steps in technology onstage. So, there's work to be done there, but it does certainly seem that all eyes are on flying cars. And that'll be enabled by autonomous driving, which will probably allow flying cars to figure out the most efficient paths from one point to the next without crashing into each other.
Lee said that China is closely analyzing changes in transportation, which might end up leading to flying cars. "I do want to highlight that there's going to be huge disruption within the transportation ecosystem in China," Lee said. "Cars going from diesel to electric. China has about 200 million install base of car ownership. In 2016, only 1 million cars are electric. The Chinese government hopes to install 5 million parking lots that are electric... Even the Chinese OEMs are buying into flying taxis."
Twitter

Twitter Suspends 300,000 Accounts Tied To Terrorism In 2017 (bloomberg.com) 69

According to a new transparency report, Twitter said it suspended nearly 300,000 accounts globally linked to terrorism in the first half of the year. The company is improving automation tools used to help block accounts that promote terrorism and violence. Bloomberg reports: Of [the nearly 300,000 accounts that were suspended], roughly 95 percent were identified by the company's spam-fighting automation tools. Meanwhile, the social network said government data requests continued to increase, and that it provided authorities with data on roughly 3,900 accounts from January to June. Twitter said about 75 percent of the blocked accounts this year were spotted before a single tweet was sent, and that 935,897 accounts had been suspended since August 2015, with two-thirds of those coming in the past year. American authorities made 2,111 requests from Twitter from January to June, the most of the 83 countries tracked by the company. Twitter supplied information on users in 77 percent of the inquiries. Japan made 1,384 requests and the U.K. issued 606 requests. Turkish authorities continued a trend of aggressively policing Twitter, making 554 requests for account data and issuing court orders to remove 715 pieces of content. Other governments made only 38 total content-removal requests.
Google

Google's New Payment App For India Transfers Money Via Ultrasound (buzzfeed.com) 37

Pranav Dixit, writing for BuzzFeed News: Google's goal for the brand-new payments app it launched in India on Monday is simple yet ambitious: to get in on the action each time someone sends or receives money in its largest market outside the United States. The app is called Tez -- Hindi for "fast" -- and it lets users do three things: send money to people in their phones' address books, make payments to businesses (both online as well as in real-world mom-and-pop stores), and zap cash to anyone around them -- all without knowing bank account numbers or personal details. Tez is powered by UPI, short for Unified Payments Interface, an Indian government-backed payments standard that lets users transfer money directly into each other's bank accounts using just their mobile numbers, or a bank-issued payment ID that looks like an email address. It works a lot like Venmo does in the US, except that anyone can build their own payments app on top of UPI. Once you hit Pay or Receive, Tez detects other Tez users around you with a proprietary technology called Audio QR based on ultrasound, and pairs with their phones. Once a sender puts in the amount and authenticates with a preset PIN to confirm who they're sending money to, a transaction happens in seconds.
Privacy

Illinois Tests A Blockchain-Based Birth Registry/ID System (illinoisblockchain.tech) 151

An anonymous reader quotes Government Technology: The state of Illinois, which has six blockchain pilots underway, will partner with Utah-based Evernym for a birth registry pilot meant to individualize and secure identities... The endeavor, one of six distinct blockchain explorations Illinois began last summer with a working group, is expected to utilize the Sovrin Foundation's publicly available distributed identity ledger and expand upon accomplishments of the W3C Verifiable Claims Task Force, the state said... Recognizing that identity -- and, now, digital identity -- begin at birth, the state will explore using these technologies to create "a secure 'self-sovereign' identity for Illinois citizens during the birth registration process," it said in the announcement.
More from the Illinois Blockchain Initiative site: Self-sovereign identity refers to a digital identity that remains entirely under the individual's control. A self-sovereign identity can be efficiently and securely validated by entities who require it, free from reliance on a centralized repository. Jennifer O'Rourke, Blockchain Business Liaison for the Illinois Blockchain Initiative commented, "To structurally address the many issues surrounding digital identity, we felt it was important to develop a framework that examines identity from its inception at child birth... Identity is not only foundational to nearly every government service, but is the basis for trust and legitimacy in the public sector."

In the proposed framework, government agencies will verify birth registration information and then cryptographically sign identity attributes such as legal name, date of birth, sex or blood type, creating what are called "verifiable claims" or attributes. Permission to view or share each of these government-verified claims is stored on the tamper-proof distributed ledger protocol in the form of a decentralized identifier... This minimizes the need for entities to establish, maintain and rely upon their own proprietary databases of identity information.

Evernym's "Chief Trust Officer" sees the program as "a major contribution to the larger effort of solving the online identity problem."
Space

Idaho Wants To Establish America's First 'Dark Sky Preserve' (idahostatesman.com) 136

schwit1 shares a story from the AP: Tourists heading to central Idaho will be in the dark if local officials get their way. The first International Dark Sky Reserve in the United States would fill a chunk of the state's sparsely populated region that contains night skies so pristine that interstellar dust clouds are visible in the Milky Way... Supporters say excess artificial light causes sleeping problems for people and disrupts nocturnal wildlife and that a dark sky can solve those problems, boost home values and draw tourists. Opposition to dark sky measures elsewhere in the U.S. has come from the outdoor advertising industry and those against additional government regulations.

Researchers say 80 percent of North Americans live in areas where light pollution blots out the night sky. Central Idaho contains one of the few places in the contiguous United States large enough and dark enough to attain reserve status, Barentine said. Only 11 such reserves exist in the world... The proposed Idaho reserve is mainly land managed by the U.S. Forest Service and contains the wilderness of the Sawtooth National Recreation Area... Leaders in the cities of Ketchum and Sun Valley, the tiny mountain town of Stanley, other local and federal officials, and a conservation group have been working for several years to apply this fall to designate 1,400 square miles (3,600 square kilometers) as a reserve. A final decision by the association would come about 10 weeks after the application is submitted.

The Military

Mystery of Sonic Weapon Attacks At US Embassy In Cuba Deepens (theguardian.com) 215

An anonymous reader quotes a report from The Guardian: The blaring, grinding noise jolted the American diplomat from his bed in a Havana hotel. He moved just a few feet, and there was silence. He climbed back into bed. Inexplicably, the agonizing sound hit him again. It was as if he'd walked through some invisible wall cutting straight through his room. Soon came the hearing loss, and the speech problems, symptoms both similar and altogether different from others among at least 21 U.S. victims in an astonishing international mystery still unfolding in Cuba. The top U.S. diplomat has called them "health attacks." New details learned by the Associated Press indicate at least some of the incidents were confined to specific rooms or even parts of rooms with laser-like specificity, baffling U.S. officials who say the facts and the physics don't add up.

Suspicion initially focused on a sonic weapon, and on the Cubans. Yet the diagnosis of mild brain injury, considered unlikely to result from sound, has confounded the FBI, the state department and U.S. intelligence agencies involved in the investigation. Some victims now have problems concentrating or recalling specific words, several officials said, the latest signs of more serious damage than the U.S. government initially realized. The United States first acknowledged the attacks in August -- nine months after symptoms were first reported.

Government

Trump Blocks China-Backed Takeover of US Chip Maker 'Lattice Semi' (cnn.com) 151

MountainLogic shares a report from CNN: President Trump has stopped the takeover of an American chip maker by a private equity firm with ties to China. The deal, which would have seen China-backed Canyon Bridge Capital Partners acquire Lattice Semiconductors, was blocked over national security concerns. "Today, consistent with the administration's commitment to take all actions necessary to ensure the protection of U.S. national security, the president issued an order prohibiting the acquisition," Treasury Secretary Steven Mnuchin said in a statement Wednesday. The national security risk included "the potential transfer of intellectual property" to the Chinese-backed company and the "Chinese government's role in supporting this transaction," according to Mnuchin's statement. Those are sensitive matters: the Trump administration launched an investigation last month into whether China is unfairly getting hold of American technology and intellectual property. The Committee on Foreign Investment in the U.S., which reviews deals that could result in a foreign entity taking control of an American company, had previously recommended halting the deal. Lattice CEO Darin G. Billerbeck called the outcome "disappointing" and called the proposed acquisition "an excellent deal" for Lattice and for "expanding the opportunity to keep jobs in America." According to CNN, Lattice currently employs 300 people in Oregon -- and Canyon Bridge has committed to adding 350 more if the takeover deal went through.
Transportation

Hyperloop One Reveals 10 Strongest Potential Hyperloop Routes In the World (techcrunch.com) 142

An anonymous reader quotes a report from TechCrunch: Hyperloop One wants to build a real, working Hyperloop -- but it'll need strong partners to make it a reality, across both industry and government. That's why, in part, it held a global competition requesting proposals for routes around the world. The winners of that competition have now been announced, and the resulting routes span the U.S., the U.K., Mexico, India and Canada. Hyperloop One has assessed each proposal from hundreds of teams who applied from around the world, examining the potential of each from the perspective of infrastructure, technology, regulatory environment and transportation concerns. As a result, it identified the strongest candidates [with four routes in the U.S., two routes in the U.K., one route in Mexico, two routes in India, and one route in Canada.]

The next step for each of these winning teams will be a validation process conducted with Hyperloop One to do some in-depth analysis on each route, establishing things like ridership forecast and building a fully fleshed out business case for each. Hyperloop One will be hosting workshops in each of the above countries to help with this process, and to meet with stakeholders and help establish necessary partnerships. Overall, Hyperloop One points out that these winning teams represent a combined population of almost 150 million people, with routes that would link up 53 urban centers around the world and span a total distance of 4,121 miles.

Businesses

Two Ex-Googlers Want To Make Bodegas And Mom-And-Pop Corner Stores Obsolete (fastcompany.com) 342

Elizabeth Segran, writing for FastCompany: While it sometimes feels like we do all of our shopping on the internet, government data shows that actually less than 10% of all retail transactions happen online. In a world where we get our groceries delivered in just two hours through Instacart or Amazon Fresh, the humble corner store -- or bodega, as they are known in New York and Los Angeles -- still performs a valuable function. No matter how organized you are, you're bound to run out of milk or diapers in the middle of the night and need to make a quick visit to your neighborhood retailer. Paul McDonald, who spent 13 years as a product manager at Google, wants to make this corner store a thing of the past. Today, he is launching a new concept called Bodega with his cofounder Ashwath Rajan, another Google veteran. Bodega sets up five-foot-wide pantry boxes filled with non-perishable items you might pick up at a convenience store. An app will allow you to unlock the box and cameras powered with computer vision will register what you've picked up, automatically charging your credit card. The entire process happens without a person actually manning the "store." Bodega's logo is a cat, a nod to the popular bodega cat meme on social media -- although if the duo gets their way, real felines won't have brick-and-mortar shops to saunter around and take naps in much longer. "The vision here is much bigger than the box itself," McDonald says. "Eventually, centralized shopping locations won't be necessary, because there will be 100,000 Bodegas spread out, with one always 100 feet away from you."
Businesses

Silicon Valley Bosses Are Globalists, Not Libertarians (economist.com) 308

From a report via The Economist: In a recently published survey of 600 entrepreneurs and executives in Silicon Valley, conducted by David Broockman and Neil Malhotra of Stanford University and Gregory Ferenstein, a journalist, three-quarters of respondents said they supported Hillary Clinton during the 2016 presidential election. But although technology-firm leaders hold views that in general hew much closer to Democratic positions than Republican ones, they are far from reliable partisan ideologues. As you might expect from captains of industry, Silicon Valley executives are much more likely to support free trade and to oppose government regulation of businesses than your average Democrat is. For example, just 30% of tech bosses believe that ride-hailing companies need to be regulated like the taxi industry, compared with 60% of Democrats.

Given their combination of socially liberal attitudes and a preference for free markets, you might call Silicon Valley executives libertarians. However, libertarians generally advocate shrinking the state as a share of the economy, which technology bosses resolutely do not. When asked if they "would like to live in a society where government does nothing except provide national defense and police protection, so that people could be left alone to earn whatever they could," just 24% agreed. In contrast, 68% of Republican donors concurred with that statement. Moreover, Silicon Valley entrepreneurs are just as likely to favor redistributive economic policies, such as universal health care and higher taxes on the rich, as an average Democrat is. The outlook of our new robot-building overlords is far more communitarian than, say, the doctrines of Ayn Rand.

Japan

Japan Trials Driverless Cars In Bid To Keep Rural Elderly On the Move (reuters.com) 59

According to Reuters, Japan is starting to experiment with self-driving buses in rural communities such as Nishikata, 71 miles (115 km) north of the capital, Tokyo, where elderly residents struggle with fewer bus and taxi services as the population ages and shrinks. From the report: The swift advance of autonomous driving technology is prompting cities such as Paris and Singapore to experiment with such services, which could prove crucial in Japan, where populations are not only greying, but declining, in rural areas. Japan could launch self-driving services for remote communities by 2020, if the trials begun this month prove successful. The government plans to turn highway rest stops into hubs from which to ferry the elderly to medical, retail and banking services. In the initial trials of the firm's driverless six-seater Robot Shuttle, elderly residents of Nishikata, in Japan's Tochigi prefecture, were transferred between a service area and a municipal complex delivering healthcare services. The test also checked the vehicle's operational safety in road conditions ranging from puddles to fallen debris, and if those crossing its path would react to the warning it emits.
Government

Kaspersky Software Banned From US Government Systems Over Concerns About Russia (betanews.com) 91

Mark Wilson writes: The Department of Homeland Security has told US government agencies to remove Kaspersky software from their systems. The directive was issued because of concerns about influence exerted over the company by the Russian government. Government agencies have been given three months to identify and start to remove Kaspersky's security products. Kaspersky has constantly denied connections to the Russian government, but the US is simply not willing to take the risk.
